Authorization code

Sample implementation -- Check out this advanced sample on our api-samples repo on GitHub. You can clone the sample, deploy it, and run it. For details, see the README file. It includes a robust login app that authenticates users and communicates securely with the authorization server.

Policy and API references

OAuthV2 Policies -- These policies allow you to implement and customize the four OAuth 2.0 grant types on Apigee Edge:

OAuthV2 policy -- The heart of the Apigee Edge OAuth 2.0 implementation. It lets you configure OAuth 2.0 "operations" on Apigee Edge that generate access and refresh tokens, issue authorization codes, and validate tokens. This topic includes code samples to help illustrate how things work.

GetOAuthV2Info policy -- Gets attributes of tokens and makes them available to policies and code executing in an API proxy. This policy type can be useful when you need to configure dynamic, conditional behavior based on a value in an access token. See also Customizing access tokens.

OAuth 1.0a policy reference

The OAuthV1 policy reference explains how to configure an OAuth v1.0a plicy. The OAuthV1 policy type is responsible for generating request tokens, generating access tokens, and verifying access tokens based on the OAuth 1.0a specification. The OAuth